Add fuzzer github->action workflow

Signed-off-by: Taras Drozdovskyi <[email protected]>

.clusterfuzzlite/Dockerfile

@@ -0,0 +1,19 @@
+FROM gcr.io/oss-fuzz-base/base-builder-jvm
+
+RUN curl -L https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.zip -o maven.zip && \
+    unzip maven.zip -d $SRC/maven && \
+    rm -rf maven.zip
+
+ENV MVN $SRC/maven/apache-maven-3.6.3/bin/mvn
+
+RUN rm -rf $SRC/lpvs
+
+RUN git clone --depth 1 https://github.com/samsung/lpvs
+
+COPY . $SRC
+
+#COPY build.sh $SRC/
+WORKDIR $SRC
+
+# WORKDIR clusterfuzzlite-example
+COPY .clusterfuzzlite/build.sh $SRC

.clusterfuzzlite/build.sh

@@ -0,0 +1,41 @@
+PROJECT=lpvs
+PROJECT_GROUP_ID=com.lpvs
+PROJECT_ARTIFACT_ID=lpvs
+MAIN_REPOSITORY=https://github.com/samsung/lpvs
+MAVEN_ARGS="-Djavac.src.version=11 -Djavac.target.version=11 -Denforcer.skip=true -DskipTests -Dgpg.skip"
+
+  # Move seed corpus and dictionary.
+  # mv $SRC/{*.zip,*.dict} $OUT
+
+  #install
+  # ($MVN install $MAVEN_ARGS -Dmaven.repo.local=$OUT/m2)
+  (cd $PROJECT && $MVN install $MAVEN_ARGS -Dmaven.repo.local=$OUT/m2)
+
+  # build classpath
+  $MVN dependency:build-classpath -Dmdep.outputFile=cp.txt -Dmaven.repo.local=$OUT/m2
+
+  cp -r $SRC/lpvs/target/test-classes/ $OUT/
+  RUNTIME_CLASSPATH_ABSOLUTE="$(cat cp.txt):$OUT/test-classes"
+  RUNTIME_CLASSPATH=$(echo $RUNTIME_CLASSPATH_ABSOLUTE | sed "s|$OUT|\$this_dir|g")
+
+  for fuzzer in $(find $SRC -name '*Fuzzer.java'); do
+    fuzzer_basename=$(basename -s .java $fuzzer)
+
+    # Create an execution wrapper for every fuzztarget
+    echo "#!/bin/bash
+    # LLVMFuzzerTestOneInput comment for fuzzer detection by infrastructure.
+    this_dir=\$(dirname \"\$0\")
+    if [[ \"\$@\" =~ (^| )-runs=[0-9]+($| ) ]]; then
+      mem_settings='-Xmx1900m:-Xss900k'
+    else
+      mem_settings='-Xmx2048m:-Xss1024k'
+    fi
+    LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \
+    \$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \
+    --cp=$RUNTIME_CLASSPATH \
+    --target_class=com.lpvs.entity.$fuzzer_basename \
+    --jvm_args=\"\$mem_settings\" \
+    --instrumentation_includes=\"com.**:org.**\" \
+    \$@" > $OUT/$fuzzer_basename
+      chmod u+x $OUT/$fuzzer_basename
+  done

.clusterfuzzlite/project.yaml

@@ -0,0 +1,10 @@
+homepage: "https://github.com/samsung/lpvs"
+language: jvm
+fuzzing_engines:
+  - libfuzzer
+main_repo: "https://github.com/samsung/lpvs"
+sanitizers:
+  - address
+vendor_ccs:
+  - "[email protected]"
+  - "[email protected]"

.github/workflows/cflite_batch.yml

@@ -0,0 +1,53 @@
+name: ClusterFuzzLite PR fuzzing
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+permissions: read-all
+
+jobs:
+  PR:
+    runs-on: ubuntu-latest
+    concurrency:
+      group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
+      cancel-in-progress: true
+    strategy:
+      fail-fast: false
+      matrix:
+        sanitizer:
+        - address
+        # Override this with the sanitizers you want.
+        # - undefined
+        # - memory
+    steps:
+    - name: Build Fuzzers (${{ matrix.sanitizer }})
+      id: build
+      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+      with:
+        language: jvm # Change this to the language you are fuzzing.
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        sanitizer: ${{ matrix.sanitizer }}
+        # Optional but recommended: used to only run fuzzers that are affected
+        # by the PR.
+        # See later section on "Git repo for storage".
+        # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
+        # storage-repo-branch: main   # Optional. Defaults to "main"
+        # storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+    - name: Run Fuzzers (${{ matrix.sanitizer }})
+      id: run
+      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        fuzz-seconds: 60
+        mode: 'code-change'
+        sanitizer: ${{ matrix.sanitizer }}
+        output-sarif: true
+        # Optional but recommended: used to download the corpus produced by
+        # batch fuzzing.
+        # See later section on "Git repo for storage".
+        # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
+        # storage-repo-branch: main   # Optional. Defaults to "main"
+        # storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".

pom.xml

@@ -86,6 +86,12 @@
             <version>2.0.0</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>com.code-intelligence</groupId>
+            <artifactId>jazzer-junit</artifactId>
+            <version>0.19.0</version>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>commons-codec</groupId>
             <artifactId>commons-codec</artifactId>

src/test/java/com/lpvs/entity/LPVSFileTestFuzzer.java

@@ -0,0 +1,36 @@
+/**
+ * Copyright (c) 2023, Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * Use of this source code is governed by a MIT license that can be
+ * found in the LICENSE file.
+ */
+package com.lpvs.entity;
+
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+import com.code_intelligence.jazzer.junit.FuzzTest;
+
+import org.junit.jupiter.api.*;
+import java.util.*;
+
+public class LPVSFileTestFuzzer {
+
+    LPVSFile lpvsFile;
+
+    @BeforeEach
+    void setUp() {
+        lpvsFile = new LPVSFile();
+    }
+
+    @FuzzTest
+    public static void fuzzerTestOneInput(FuzzedDataProvider data) {
+        int number = data.consumeInt();
+        String string = data.consumeRemainingAsString();
+        // ...
+        try {
+            // do stuff here that possibly throw the exception
+            return;
+        } catch (IllegalStateException e) {
+            return;
+        }
+    }
+}